Cloud Overview
Over the past few years I’ve written a lot about the cloud, and what it means for Europe. Here I want to pull the various articles together into a coherent story. Note, nothing of what follows is in any way novel or original. While the facts presented in the articles are pretty inconvenient and in parts depressing, they are not controversial (or should not be).
The cloud is a lot
To start with, “the cloud” by now is a large catalog of services. This catalog can be likened to IKEA: The cloud has everything. If you want to compete, you need to show up with a lot of stuff. No one is interested in a less complete IKEA. In addition, the services being sold by the hyperscaler cloud-IKEAs are not easy to replicate. Perhaps Airbus or ASML-style hard work. I wrote about this in Taking the Airbus to the IKEA Cloud.
Photo by Alex Machado on Unsplash
However, you can still deliver services without US clouds
There are governments and companies that have concluded that it is no longer possible to do anything IT or computer related without using one of the big three US cloud providers. This conclusion comes from some circular reasoning however. There are indeed software developers that no longer function without US cloud support. And these developers will indeed tell you there is no life outside of Microsoft/Google/AWS. Europe however still has a lot of capacity to build software based on servers and commodity services instead of on specific proprietary cloud services. I outlined this in Cloud Naïve: Europe and the ‘Bijenkorf’ Megascaler.
Massive outsourcing has made organizations somewhat helpless
Many organizations have over the years outsourced a lot of their IT. Even very information heavy things like banks have decided that IT and computing are not their core competence. They are now realizing they were wrong about this. However, it is very common to first outsource non-core competences, and then not know when to stop. It is extremely difficult to stop doing 80% of what you did while remaining good at the 20% you must retain. If you have no native IT skills left, you end up depending 100% on someone else’s skills, most likely from the cloud. I expand on this hard problem in Your tech or my tech: make up your mind quickly.
Solutions will be European, but we need to be more precise than “Europe should do something”
We need solutions to Europe’s lack of hyperscalers & total dependency on the US. We often look towards “Europe”, but it is important to know that we can’t just ask “Europe to invest in cloud”, we need to be more specific. Europe is a land mass, it doesn’t “do” anything. I ask for precision in the piece Don’t say ‘Europe Must Invest in XYZ’.
GAIA-X will not save us
Meanwhile, a lot of oxygen has been used up by GAIA-X, which is not actually an EU project. I wrote Gaia-X is a distraction which should be abandoned, which includes a response from the GAIA-X board. But GAIA-X, and similar projects, are not going to save us.
The cloud is not just one thing. On many important levels, Europe can deliver
The cloud luckily is not just one thing. It ranges from renting servers, bandwidth, storage on one end, and outsourcing your entire business communications/processes on the other end. It turns out that in Europe we are actually very good at the server/storage/bandwidth front. There is a lot of nuance. It is entirely possible to base quality (government) services on European clouds. But, you have to want to. In The (European) cloud ladder: from virtual server to MS 365 I expand on what cloud services we do have in Europe, and also define what we don’t have.
However, we should be clear on what we don’t have here
In Dear hosters, you are selling wood, not furniture I zoom in specifically on how some European providers of servers should be clear that they are providing great compute and network capacity, and that many customers actually want higher level services, services these hosting providers are not offering.
When “going to the cloud”, do be clear how deeply dependent you want to become
These differences meanwhile are crucial. Organizations often sign off on “going to the cloud” without realizing this could mean all kinds of things. It could mean sensibly renting compute capacity and getting rid of your own datacenter and servers. But it could also mean making yourself 100% dependent on one specific US supplier, one who then becomes your eternal subcontractor. This could also be fine, but as I wrote “These days under the guise of ‘cloud as a commodity’ we are gluing ourselves to specific suppliers, without realizing that they are not in fact supplying commodity services.”. More in ‘The cloud’ is not just servers. ‘Going to the cloud’ could also mean locking into a forever sub-contractor.
IT systems are already brittle. Getting your cloud from another continent is then not helpful
Meanwhile, it is 2025 and war is raging. Yet our IT systems are brittle and fall over all the time, even without having to deal with nation state attackers. In Cyber Security: A Pre-War Reality Check I wrote about the dire state of our systems. Basing your national security, hospitals, safety on cloud providers on other continents, while waging a trade war, may not be the wisest idea.
It is not the case that only the hyperest of hyperscalers can compete
We sometimes hear that the hyperscalers are so far ahead of us it is pointless to compete. If the cloud were something like chemicals, where the only thing that matters is price, this would be true. However, the cloud is not a chemical factory, as I wrote in this Dutch piece De cloud is geen paracetamolfabriek. It turns out you don’t have to be the very cheapest to compete. And in fact, the hyperscaler clouds are incredibly expensive.
You can’t run a government without privacy & if you need US permission to function at all
Meanwhile, governments are moving to the US cloud at a rapid clip. In Europe we now absolutely rely on the availability of US services to get anything done. If Trump were to sanction one of our governments, we’d lose access to the “beautiful US clouds”, and nothing would work anymore. In addition, the US can now read all our government/court/tax documents. Finally, if the US cloud somehow stumbles, perhaps because it is attacked by Russia, we’ll have to patiently wait for the US to repair their cloud. We can’t do anything about that ourselves. In the piece How sovereign do you want to be? I wonder if this is all a good idea (no).
The EU-US privacy framework is near-death and you can’t rely on it anymore
Meanwhile, the US situation means that the EU-US privacy framework is near death. Part of this framework is a special committee within the US government that is supposed to monitor this framework. As one of his first moves, Trump dismantled this committee. In the Dutch piece Is het legaal om persoonsgegevens op servers van Amerikanen te zetten? (with many links to English language documents), I discuss how depending on this near-deceased framework will lead to foreseeably illegal situations.
Open source will be part of the solution, but much more is needed
To get us out of our painful dependencies, it is often suggested to “go open source”. While open source software is inevitably going to be part of the solution, software is still software. That the software is free and comes with a lot of freedom does not mean it will work well for your office situation. You still need classic IT operations, as outlined in the piece Open Source on its own is no alternative to Big Tech. Crucially, if you “just try some open source”, your experiment will fail, to the delight of incumbent software giants.
We have amazing open (source) technology, but it needs to up its game
Our societies and governments now largely run on American proprietary big-tech platforms. Many of us want to decrease this dependency, or even end it altogether.
Everyone in the open tech scene is full of good intentions and we all want to improve things, but mostly we are not succeeding. By our nature, we would like to build fun, open, federated, and standards-based things. But that’s not enough — that’s not what the world is waiting for (right now).
In “What we in the open world are messing up in trying to compete with big tech” I write on things the open (source) world is not doing, and make some pointed and painful suggestions. Note that I most definitely come from this world, which is why this was all extra painful to point out.
European Governments are already overly deep into US clouds
A piece in Dutch mostly on the Dutch government’s total planned reliance on Microsoft email and communication services. Contains links to documents where the Dutch government confirms that the US will be able to read all our documents. This apparently is an acceptable risk. The article De toestand van de cloud en de overheid has this, plus some highly nostalgic WordPerfect screenshots for those of a certain age.
“Double key encryption” and special EU-only servers will not save you (according to Microsoft)
People in the Microsoft ecosystem will often say that you can use “Double Key Encryption” or special EU-only servers to protect yourself from the US government. Microsoft itself is a lot more careful about this, since they know it is not true. In the article “Servers in de EU, eigen (dubbele) sleutels: helpt het?” I outline in Dutch how the location of your servers makes no practical difference, and how even Microsoft says that the double key encryption is impractical except for very limited numbers of documents, perhaps 5%. Translation works well on this article, and at the end you’ll find some references documents in English.
We should at the very least have a government/healthcare/utility backup communication facility
Europe is now on the path to having all its government communications flow through US-operated servers, falling under US spying legislation. We are also at risk of sanctions, where the US can cut off our use of those servers with a single letter. This got me all hot and bothered, and I suggested this is not acceptable, and we should build at least a backup communication solution for our vital services, like governments and hospitals: Communications without Musk and Trump: Cloud Kootwijk. This piece got a lot of attention in The Netherlands and led to the passing (and accepting) of a parliamentary motion to create such a backup solution. I was also invited to a Dutch parliamentary hearing to talk about this.
Trump 2.0 will exploit our total dependency on US services
After “the events since January 20th”, as the second Trump presidency has been called, it has become clear it would be EXCEPTIONALLY unwise to make ourselves completely dependent on US services. Trump is entirely transactional. If you depend on the US more than the other way around, he’ll shake you down. We must not allow a situation where we can’t operate our defense, hospitals, tax systems and banks only if Trump likes us. I wrote about this in It is no longer safe to move our governments and societies to US clouds. That post was also covered by The Register in the piece Under Trump 2.0, Europe’s dependence on US clouds back under the spotlight.
Swiss newspaper Republik interviewed me about the situation in «Die US-Regierung hat die Möglichkeit, auf viele Politikermails in Europa zuzugreifen».
European governments will need to do industrial policy to get us out of this mess
We need to get more cloud options and from more countries, not just the US. This will require industrial policy. The free market has not magically delivered us sovereignty, and is not about to do so either. Any new non-US initiative will at first not be as powerful or as easy to use as the incumbent clouds. In But how to get to that European cloud? I wrote on a plausible path forward.
And here is a suggested concrete & coherent policy
The piece from the previous paragraph resonated very well, but people asked for more detail on who exactly should do what. These are reasonable questions. Many things have been attempted already, and there are many pitfalls along the way to a non-US cloud that people would want to do business with. This requires both great technology but also incentives. Not many people are going to use a non-US cloud just because it has a lovely EU flag on it. In A coherent European/non-US cloud strategy: building railroads for the cloud economy I present a strategy that is concrete enough that you can disagree with it. It talks about technical, legal and business strategies. Crucially, a lot of the suggestions are good ideas anyhow, even if not everything works out.
.. to be continued!
If you think I should cover another angle, perhaps AI, please do let me know on bert@hubertnet.nl !